
Evolution Vulnerability

Description

Application: Evolution 2.22.2
OS: Linux - Ubuntu 8.04
------------------------------------------------------
1 - Description
2 - Vulnerability
3 - POC/EXPLOIT
------------------------------------------------------
Description

Evolution is an email client that ships with Ubuntu.
------------------------------------------------------
Vulnerability

The vulnerability is triggered when a mail is sent containing specially crafted HTML code, which causes the client to break. Analyzing the failure with a debugger shows it in the following function:

0xb7a219d7 in html_engine_get_view_width () from /usr/lib/libgtkhtml-3.14.so.19
------------------------------------------------------
POC/EXPLOIT

The proof of concept can be reproduced locally: save the following code in an HTML file, then load it into an e-mail using the "insert" and "html file" options. This verifies that the client is broken.

<IFRAME SRC="A"></IFRAME>
<FRAMESET><FRAME SRC="A"></FRAMESET>
------------------------------------------------------
Juan Pablo Lopez Yacubian
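
A defensive check for the condition described above, as an added example that is not part of the original advisory: it walks a message's text/html parts and reports IFRAME, FRAMESET and FRAME elements, so a mail filter can quarantine or strip them before an affected client handles the message. The function names and the sample message are constructed for illustration.

```python
# Added example, not from the advisory: flag frame elements in HTML mail parts.
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

FRAME_TAGS = {"iframe", "frameset", "frame"}  # element names used in the advisory's PoC


class FrameFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases names, so <IFRAME SRC=...> matches "iframe"/"src".
        if tag in FRAME_TAGS:
            self.hits.append((tag, dict(attrs).get("src")))


def frame_elements(raw_message: bytes):
    """Return (tag, src) pairs found in all text/html parts of a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() != "text/html":
            continue
        try:
            html = part.get_content()  # undoes base64/quoted-printable and charset
        except LookupError:  # unknown charset label: fall back to a lossless decode
            html = part.get_payload(decode=True).decode("latin-1")
        finder = FrameFinder()
        finder.feed(html)
        finder.close()  # flush any markup still buffered at end of input
        hits.extend(finder.hits)
    return hits


def sample_message(html: str) -> bytes:
    """Constructed test input: a multipart/alternative mail with a base64 HTML part."""
    msg = EmailMessage()
    msg.set_content("plain text body")
    msg.add_alternative(html, subtype="html", cte="base64")
    return msg.as_bytes()


if __name__ == "__main__":
    poc = '<IFRAME SRC="A"></IFRAME> <FRAMESET><FRAME SRC="A"></FRAMESET>'
    print(frame_elements(sample_message(poc)))
```

Because the HTML part is decoded before parsing, the check also sees markup that arrives base64 or quoted-printable encoded.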